You can read about it here . Click the link that says "The end of our rope: the ongoing tug-o-war between business and security", The gist is that we get two business people and two security people together, and they discuss the finer points of managing business and security requirements in real-world environments. Many of us have been there. Security people have a notoriously difficult time convincing the business that security is important, and business folks are just trying to run the company and often view security as a speed bump.

I’m very excited to moderate this panel two years in a row. It is relatively rare to get security and business people together at one table with the sole purpose of discussing how security impacts real-world decisions. As they say on TV, "Let’s get ready to rumble!"

How you can help

Below are some examples of questions I could ask the panelists. I have a much longer list, but I think it would be much more interesting to open this up to the security community. So, given this opportunity, what questions would YOU like me to ask the panelists?

• When you are ‘selling’ security, how do you get appropriate attention when you are talking about what MIGHT happen instead of things that ARE happening? You are essentially asking people to spend money on a problem that "THEY DON’T HAVE". How do you justify the expense?
• Whose responsibility IS it to manage security?
• With security, it is possible to spend an unknown amount of money on an intangible problem. What is the right amount to spend?
• As an industry, security people tend to NOT be very good at communicating security concepts to NON security people. How do you communicate technical security concepts to business people in a way that they get it?

See you at the conference!
–rob